Configuration in udev - CVE-2011-0640

 

Published: January 25, 2011 / Updated: August 11, 2020


Vulnerability identifier: #VU45407
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-0640
CWE-ID: CWE-16
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: kernel.org
Affected software:
udev

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

The default configuration of udev on Linux does not warn the user before enabling additional Human Interface Device (HID) functionality over USB, which allows user-assisted attackers to execute arbitrary programs via crafted USB data, as demonstrated by keyboard and mouse data sent by malware on a smartphone that the user connected to the computer.
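A defender-side check for the condition described above, added here as an example and not taken from the advisory or from udev: it walks the kernel's sysfs USB tree and lists devices that expose a HID interface alongside non-HID interfaces (for example storage plus keyboard). The function names and the sample tree are constructed for illustration; `03` is the USB class code for HID.

```python
import os
import tempfile

HID_CLASS = "03"  # USB class code for Human Interface Device
BOOT_PROTOCOLS = {"01": "keyboard", "02": "mouse"}  # bInterfaceProtocol values

def _read(path):
    try:
        with open(path) as fh:
            return fh.read().strip().lower()
    except OSError:
        return None

def scan_usb_interfaces(sysfs_root="/sys/bus/usb/devices"):
    """Group interface classes per USB device and flag mixed HID devices."""
    devices = {}
    for entry in sorted(os.listdir(sysfs_root)):
        if ":" not in entry:  # interface directories look like "1-2:1.0"
            continue
        dev = entry.split(":", 1)[0]
        cls = _read(os.path.join(sysfs_root, entry, "bInterfaceClass"))
        if cls is None:
            continue
        proto = _read(os.path.join(sysfs_root, entry, "bInterfaceProtocol"))
        devices.setdefault(dev, []).append((entry, cls, proto))
    findings = []
    for dev, intfs in devices.items():
        hid = [i for i in intfs if i[1] == HID_CLASS]
        other = sorted({i[1] for i in intfs if i[1] != HID_CLASS})
        if hid and other:  # HID offered next to another function: review it
            roles = sorted({BOOT_PROTOCOLS.get(p, "other-hid") for _, _, p in hid})
            findings.append({"device": dev, "hid_roles": roles, "other_classes": other})
    return findings

def build_constructed_tree(root):
    """Constructed sample: 1-1 is a plain keyboard, 1-2 is storage + keyboard."""
    sample = {"1-1:1.0": ("03", "01"), "1-2:1.0": ("08", "50"), "1-2:1.1": ("03", "01")}
    for name, (cls, proto) in sample.items():
        os.makedirs(os.path.join(root, name))
        for attr, val in (("bInterfaceClass", cls), ("bInterfaceProtocol", proto)):
            with open(os.path.join(root, name, attr), "w") as fh:
                fh.write(val + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_constructed_tree(tmp)
        for finding in scan_usb_interfaces(tmp):
            print(finding)
```

The result is a review list, not a verdict: legitimate composite devices such as headsets with HID volume buttons are flagged too, and the scan only reflects the interfaces present at the moment it runs.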


How to mitigate CVE-2011-0640

Install the update from the vendor's website.
